<!--

    Copyright (c) 2005, 2018 Oracle and/or its affiliates. All rights reserved.
    Portions Copyright &#169; [2017-2020] Payara Foundation and/or affiliates.

    This program and the accompanying materials are made available under the
    terms of the Eclipse Public License v. 2.0, which is available at
    http://www.eclipse.org/legal/epl-2.0.

    This Source Code may also be made available under the following Secondary
    Licenses when the conditions for such availability set forth in the
    Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
    version 2 with the GNU Classpath Exception, which is available at
    https://www.gnu.org/software/classpath/license.html.

    SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0

-->

<p><a id="ref-configreq-respolicy" name="ref-configreq-respolicy"></a><a id="GHCOM00125" name="GHCOM00125"></a></p>

<h4><a id="sthref234" name="sthref234"></a>Request and Response Policy Configurations</h4>
<a name="BEGIN" id="BEGIN"></a>
<p>If Authenticate Source is <code>sender</code>, then the message contains a <code>wsse:Security</code> header with a <code>wsse:UsernameToken</code> (with password). If Authenticate Source is content, then the content of the SOAP message body is signed, and the message contains a <code>wsse:Security</code> header with the message body signature represented as a <code>ds</code>:<code>Signature</code>.</p>
<p>If Authenticate Recipient is either <code>before-content</code> or <code>after-content</code>, the content of the SOAP message body is encrypted and replaced with the resulting <code>xend:EncryptedData</code>. The message contains <code>a wsse:Security</code> header that contains an <code>xenc:EncryptedKey</code>. The <code>xenc:EncryptedKey</code> contains the key used to encrypt the SOAP message body. The key is encrypted in the public key of the recipient.</p>
<p>If the Authenticate Source and Authenticate Recipient settings are left blank, then no security policy is specified, and the modules perform no security operations.</p>
<p>The following table shows message protection policy configurations and the resulting message security operations performed by the WS-Security SOAP message security providers for that configuration.</p>
<a id="GHCOM469" name="GHCOM469"></a><a id="sthref235" name="sthref235"></a><a id="gbutq" name="gbutq"></a>
<p><b>Message Protection Policy Based on WS-Security Soap Message Security Operation</b></p>
<table  title="Message Protection Policy Based on WS-Security Soap Message Security Operation" summary="Add Summary attribute value here." dir="ltr" border="1" width="100%" frame="hsides" rules="rows" cellpadding="3" cellspacing="0">
<col width="20%" />
<col width="*" />
<col width="40%" />
<thead>
<tr align="left" valign="top">
<th align="left" valign="bottom" id="r1c1-t12"><br /></th>
<th align="left" valign="bottom" id="r1c2-t12">Authenticate Recipient <code>before-content</code></th>
<th align="left" valign="bottom" id="r1c3-t12">Authenticate Recipient <code>after-content</code></th>
</tr>
</thead>
<tbody>
<tr align="left" valign="top">
<td align="left" id="r2c1-t12" headers="r1c1-t12">
<p>Authenticate Source <code>sender</code></p>
</td>
<td align="left" headers="r2c1-t12 r1c2-t12 r1c3-t12" colspan="2">
<p>The content of the SOAP message body is encrypted and replaced with the resulting <code>xend:EncryptedData</code>. The message contains <code>a wsse:Security</code> header that contains a <code>wsse:UsernameToken (with password)</code> and an <code>xenc:EncryptedKey</code>. The <code>xenc:EncryptedKey</code> contains the key used to encrypt the SOAP message body. The key is encrypted in the public key of the recipient.</p>
</td>
</tr>
<tr align="left" valign="top">
<td align="left" id="r3c1-t12" headers="r1c1-t12">
<p>Authenticate Source <code>content</code></p>
</td>
<td align="left" headers="r3c1-t12 r1c2-t12">
<p>The content of the SOAP message body is encrypted and replaced with the resulting <code>xend:EncryptedData</code>. The <code>xenc:EncryptedData</code> is signed. The message contains <code>a wsse:Security</code> header that contains an <code>xenc:EncryptedKey</code> and a <code>ds:Signature</code>. The <code>xenc:EncryptedKey</code> contains the key used to encrypt the SOAP message body. The key is encrypted in the public key of the recipient.</p>
</td>
<td align="left" headers="r3c1-t12 r1c3-t12">
<p>The content of the SOAP message body is signed, then encrypted, and then replaced with the resulting <code>xend:EncryptedData</code>. The message contains a <code>wsse:Security</code> header that contains an <code>xenc:EncryptedKey</code> and a <code>ds:Signature</code>. The <code>xenc:EncryptedKey</code> contains the key used to encrypt the SOAP message body. The key is encrypted in the public key of the recipient.</p>
</td>
</tr>
</tbody>
</table>
<hr>




<small>Copyright &#169; 2005, 2017, Oracle and/or its affiliates. All rights reserved. <a href="docinfo.html">Legal Notices</a></small>
<small>Portions Copyright &#169; [2017-2020] Payara Foundation and/or affiliates.</small>
